[tor-commits] [tor/master] Fix parse_virtual_addr_network minimum network size

nickm at torproject.org nickm at torproject.org
Mon Oct 3 17:49:15 UTC 2016


commit ae4077916c94e9c15fa2800f51409ccb116bf63f
Author: Paolo Inglese <paolo.ingls at gmail.com>
Date:   Mon Oct 3 12:18:51 2016 +0100

    Fix parse_virtual_addr_network minimum network size
---
 changes/ticket20151 | 7 +++++++
 doc/tor.1.txt       | 7 +++++--
 src/or/addressmap.c | 6 +++---
 3 files changed, 15 insertions(+), 5 deletions(-)

diff --git a/changes/ticket20151 b/changes/ticket20151
new file mode 100644
index 0000000..5d246d9
--- /dev/null
+++ b/changes/ticket20151
@@ -0,0 +1,7 @@
+ o Minor features:
+   - Increase the maximum number of bits for the IPv6 virtual network prefix
+     from 16 to 104. In this way, the condition for address allocation is less
+     restrictive. Also, the variable max_bits is called max_prefix_bits,
+     making it clearer the meaning of the condition (bits > max_prefix_bits).
+     Closes ticket 20151; feature on 0.2.4.7-alpha.
+
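Review bot: the entry says the IPv6 limit goes "from 16 to 104", but the addressmap.c hunk in this same commit replaces `ipv6 ? 40 : 16` with `ipv6 ? 104 : 16`, so the old IPv6 maximum was 40 and 16 is the unchanged IPv4 value; please correct this to "from 40 to 104". The entry is also filed under "Minor features" and closes with "feature on 0.2.4.7-alpha", while the commit title calls this a fix; if the old /40 cap was rejecting otherwise valid VirtualAddrNetworkIPv6 settings, this is a bugfix entry and the trailer should read "bugfix on 0.2.4.7-alpha". The sentence about renaming max_bits to max_prefix_bits is an implementation detail and does not belong in a user-facing changes file.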
diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 2e73b27..9f4eb31 100644
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -1275,8 +1275,11 @@ The following options are useful only for clients (that is, if
     "172.16.0.0/12" and change the IPv6 network to "[FC00::]/7".
     The default **VirtualAddrNetwork** address ranges on a
     properly configured machine will route to the loopback or link-local
-    interface. For
-    local use, no change to the default VirtualAddrNetwork setting is needed.
+    interface. The maximum number of bits for the network prefix is set to 104
+    for IPv6 and 16 for IPv4. However, a wider network - smaller prefix length
+    - is preferable since it reduces the chances for an attacker to guess the
+    used IP. For local use, no change to the default VirtualAddrNetwork setting
+    is needed.
 
 [[AllowNonRFC953Hostnames]] **AllowNonRFC953Hostnames** **0**|**1**::
     When this option is disabled, Tor blocks hostnames containing illegal
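Review bot: "reduces the chances for an attacker to guess the used IP" is too vague for a manpage; say what the limit means operationally and why the width matters. Suggested wording: "A prefix longer than /104 (IPv6) or /16 (IPv4) is rejected when the configuration is parsed. Virtual addresses are allocated from this range, so a wider network (a shorter prefix, e.g. /64 rather than /104 for IPv6) leaves more unused addresses and makes any particular mapping harder to guess." Also, "smaller prefix length" set beside "maximum number of bits" is easy to misread; naming the two quantities consistently as "prefix length" throughout avoids that.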
diff --git a/src/or/addressmap.c b/src/or/addressmap.c
index f7544ab..33fd7e0 100644
--- a/src/or/addressmap.c
+++ b/src/or/addressmap.c
@@ -774,7 +774,7 @@ parse_virtual_addr_network(const char *val, sa_family_t family,
   const int ipv6 = (family == AF_INET6);
   tor_addr_t addr;
   maskbits_t bits;
-  const int max_bits = ipv6 ? 40 : 16;
+  const int max_prefix_bits = ipv6 ? 104 : 16;
   virtual_addr_conf_t *conf = ipv6 ? &virtaddr_conf_ipv6 : &virtaddr_conf_ipv4;
 
   if (!val || val[0] == '\0') {
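Review bot: the new constant 104 is unexplained in the code; a one-line comment stating why /104 was chosen would help, because it leaves 24 host bits for IPv6 while the unchanged IPv4 cap of /16 leaves 16, so the two families are not held to the same minimum pool size and the manpage hunk says only that a wider network is preferable. If 104 was picked to match something specific (a ULA layout, a minimum number of virtual addresses), state it at the definition so the next person does not have to rediscover it from ticket 20151. The rename from max_bits to max_prefix_bits is a clear improvement.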
@@ -804,10 +804,10 @@ parse_virtual_addr_network(const char *val, sa_family_t family,
   }
 #endif
 
-  if (bits > max_bits) {
+  if (bits > max_prefix_bits) {
     if (msg)
       tor_asprintf(msg, "VirtualAddressNetwork%s expects a /%d "
-                   "network or larger",ipv6?"IPv6":"", max_bits);
+                   "network or larger",ipv6?"IPv6":"", max_prefix_bits);
     return -1;
   }
 
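Review bot: the message "expects a /%d network or larger" is ambiguous in exactly the way the manpage hunk above tries to clear up: "larger" can mean a larger prefix number (which is what is being rejected) or a larger address range (which is what is wanted). Suggest "expects a /%d network or a wider one (prefix length at most %d)" with max_prefix_bits passed twice. Separately, the message names the option "VirtualAddressNetwork%s" while the manpage calls it VirtualAddrNetwork; since this line is being touched anyway, correcting the option name so users can find it in the documentation would be worthwhile.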